Table of Contents
도메인으로 Nomad client cluster 접속
AWS Elastic Load Balancing 서비스를 이용해,
할당받은 도메인으로,
Nomad client cluster 에 접속할 수 있습니다.
ELB 도메인을 이용한 접속
-
health check 를 위한 Job 을 생성합니다.
-
브라우저 -> AWS ELB -> Nomad client cluster
Nomad client cluster 를 생성한 폴더에 아래 파일을 추가합니다.
vi elb.tf
-----------------------------
resource "aws_elb" "nomad_client_elb" {
name = "${var.stack_name}-nomad-client-elb"
availability_zones = var.availability_zones
internal = false
idle_timeout = 360
security_groups = [ aws_security_group.client_lb.id ]
instances = aws_instance.nomad_client.*.id
lifecycle { create_before_destroy = true }
listener {
instance_port = 2390 # 내부 포트
instance_protocol = "http"
lb_port = 2020 # 외부 포트
lb_protocol = "http"
}
# access_logs {
# bucket = "weblog"
# prefix = "www.myexample.com-"
# enabled = true
# }
health_check {
healthy_threshold = 8
unhealthy_threshold = 2
timeout = 3
target = "HTTP:2390/"
interval = 30
}
}
-----------------------------vi outputs.tf
-----------------------------
output "elb_dns_name" {
value = "${aws_elb.nomad_client_elb.dns_name}"
}
-----------------------------vi sg.tf
-----------------------------
# health check
ingress {
from_port = 2390
to_port = 2390
protocol = "tcp"
cidr_blocks = var.allowlist_ip
}
-----------------------------ELB 가 작동하려면 1-2분 정도의 시간이 필요합니다.
DNS_PROBE_FINISHED_NXDOMAIN 라는 오류문구가 뜨면
아직 DNS 설정이 반영안된 상태입니다.
접속하려는 서버 포트와 health check 포트는 public access 가 허용되야 합니다.
브라우저를 이용해 http://my-nomad-client-elb-19628203.ap-northeast-2.elb.amazonaws.com:2020 에 접속하면 hello_world 에 접속할 수 있습니다.
로그확인
http_x_forwarded_for 에 접속한 클라이언트 아이피가 제공됩니다.
ssh <노마드클라이언트서버>
sudo docker ps
sudo docker logs <CONTAINER ID>
172.31.25.58 - - [25/Aug/2022:07:53:26 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:27 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:28 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:29 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:29 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX"
172.31.25.58 - - [25/Aug/2022:07:53:37 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"자체 도메인을 이용한 접속
-
ELB 설정이 끝난 이후에 아래 설정을 추가합니다.
-
도메인은 Route 53 에 의해 관리되고 있어야 합니다.
-
브라우저 -> 자체도메인(Route 53) -> AWS ELB -> Nomad client cluster
-
https 인증서 생성 : 여기 를 참조해서 인증서를 생성합니다.
vi domain.tf
-----------------------------
data "aws_route53_zone" "skyer9_pe_kr_zone" {
name = "skyer9.pe.kr"
}
resource "aws_route53_record" "nomad_client" {
zone_id = data.aws_route53_zone.skyer9_pe_kr_zone.zone_id
name = "nomad-client.skyer9.pe.kr"
type = "A"
alias {
name = aws_elb.nomad_client_elb.dns_name
zone_id = aws_elb.nomad_client_elb.zone_id
evaluate_target_health = true
}
}
-----------------------------vi acm.tf
-----------------------------
data "aws_acm_certificate" "cert_nomad_client_skyer9_pe_kr" {
domain = "nomad-client.skyer9.pe.kr"
}
-----------------------------vi elb.tf
-----------------------------
resource "aws_elb" "nomad_client_elb" {
# ......
listener {
instance_port = 2390 # 내부 포트
instance_protocol = "http"
lb_port = 2020 # 외부 포트
lb_protocol = "https"
ssl_certificate_id = data.aws_acm_certificate.cert_nomad_client_skyer9_pe_kr.arn
}
# ......
}
-----------------------------로그확인
http_x_forwarded_for 에 접속한 클라이언트 아이피가 제공됩니다.
ssh <노마드클라이언트서버>
sudo docker ps
sudo docker logs <CONTAINER ID>
172.31.25.58 - - [25/Aug/2022:07:38:07 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
172.31.25.58 - - [25/Aug/2022:07:38:12 +0000] "GET / HTTP/1.1" 200 7231 "-" "ELB-HealthChecker/1.0" "172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:17 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"
172.31.25.58 - - [25/Aug/2022:07:38:20 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:21 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:21 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "ELB-HealthChecker/1.0" "172.31.43.57"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:22 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:23 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:23 +0000] "GET / HTTP/1.1" 200 7231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" "183.101.XXX.XXX, 172.31.26.97"
172.31.25.58 - - [25/Aug/2022:07:38:27 +0000] "GET /health HTTP/1.1" 200 7237 "-" "Consul Health Check" "-"